Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.


Setting information
1.2.4 Verify Package Integrity Using RPM (Not Scored)
Profile Applicability:
• Level 1
Description:
RPM has the capability of verifying installed packages by comparing the installed files against the file information stored in the package.
Rationale:
Verifying packages gives a system administrator the ability to detect if package files were changed, which could indicate that a valid binary was overwritten with a trojaned binary.
Audit:
Perform the following to verify integrity of installed packages.
# rpm -qVa | awk '$2 != "c" { print $0}'
If any output shows up, you may have an integrity issue with that package.
Note: Actions in other areas of the benchmark change permissions on some files to make them more secure than the default, which would cause this check to fail. It is important to validate the packages either have the permissions they were intended to have, or have been intentionally altered. It is recommended that any output generated in the audit step be investigated to justify the discrepancy.
Remediation:
Address unexpected discrepancies identified in the audit step.

The results from command
Problem Centos 6.6

Ran this command
[root@baseivas ~]# rpm -qVa | awk '$2 != "c" { print $0}'
This is what it showed; I don't know what it means or how to fix it, if it needs fixing.

Capital M stands for mode (like permissions). "missing" means just that: the item is missing on the file system. You can create the directory with the right ownership and access permissions (see 'rpm -qlv gdm|grep gdm/greeter;') but if this is a headless server then it should not be running GNOME Display Manager in the first place.

Quote:

Originally Posted by srsnic

Code:

prelink: /usr/lib/libhpip.so.0.0.1: at least one of file's dependencies has changed since prelinking
S.?...... /usr/lib/libhpip.so.0.0.1
prelink: /usr/lib/libhpmud.so.0.0.6: at least one of file's dependencies has changed since prelinking
S.?...... /usr/lib/libhpmud.so.0.0.6

What it says: a dependency (checked by its hash) changed. Given that Fedora removed 'prelink' around Fedora 20 and given the price of RAM, if this is a server then you might not find that prelink will give you much speed benefits in the first place. If you found the issues do not outweigh the benefits and if you have determined you do not need prelink (also see this) then first disable, then undo and then remove prelinking.

The modification time is not the same as recorded in the RPMDB. This is common for files that are modified after installing the package like configuration files (which saved 'depmod -ae' output kind of is too). Note changed file modification time may also be an indication of a breach of compromise so always investigate so you know if it was a legitimate action or not.

Quote:

Originally Posted by srsnic

I am a newbie and I am learning Linux as I go

Good luck. Like any (budding) specialist you should aim to excel in what you do. Actively increasing your knowledge by reading and practicing a lot will help.
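The replies above walk through the rpm -qVa output column by column (the 9-character test field, the "missing" case, the "?" that prelink leaves in the digest column, the "c" attribute the awk filter drops, and the mtime-only case). The following is an added example, not code from the thread or from rpm, that parses that output and sorts each line into the categories discussed; the sample input is constructed from the lines quoted in the thread, and the gdm path in it is illustrative only.

```python
import re
from typing import List, NamedTuple

# The 9-character rpm -V field reports S size, M mode, 5 digest, D device, L symlink,
# U user, G group, T mtime, P capabilities; '.' = test passed, '?' = could not be tested.
LINE_RE = re.compile(r"^(?P<tests>[SM5DLUGTP.?]{9}|missing)\s+(?:(?P<attr>[cdglr])\s+)?(?P<path>/.*)$")

class Record(NamedTuple):
    path: str
    attr: str                # 'c' config, 'd' doc, 'g' ghost, 'l' license, 'r' readme, '' none
    tests: str               # the raw 9-character field, or "missing"
    diagnostics: List[str]   # 'prelink:' messages printed just before this result

def parse_verify_output(text: str) -> List[Record]:
    """Turn rpm -V / rpm -qVa output into Records; raises on lines it cannot read."""
    records, pending = [], []
    for line in filter(None, (s.rstrip() for s in text.splitlines())):
        if line.startswith("prelink:"):      # diagnostic, not a per-file result
            pending.append(line)
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised rpm -V line: {line!r}")
        records.append(Record(m.group("path"), m.group("attr") or "", m.group("tests"), pending))
        pending = []                          # diagnostics belong to the record just emitted
    return records

def triage(rec: Record) -> str:
    """Classify one record for the audit step: config files are filtered out (as awk '$2 != "c"' does), anything else needs a documented reason."""
    if rec.attr == "c":
        return "config-ignored"
    if rec.tests == "missing":
        return "missing"             # recreate from rpm -qlv metadata, or remove the package
    failed = set(rec.tests) - set(".?")      # letters of tests that actually failed
    if "?" in rec.tests and rec.diagnostics:
        return "prelink-stale"       # digest unverifiable until prelink is undone or refreshed
    if failed & set("5S"):
        return "content-changed"     # possible replaced binary: compare against a clean package
    if failed and failed <= set("MUG"):
        return "check-hardening"     # mode/owner drift; expected where the benchmark tightened perms
    if failed == {"T"}:
        return "mtime-only"          # common for files regenerated after install, e.g. depmod output
    return "investigate"

# Constructed sample modelled on the thread's output; the gdm path is illustrative only.
SAMPLE = """\
prelink: /usr/lib/libhpip.so.0.0.1: at least one of file's dependencies has changed since prelinking
S.?...... /usr/lib/libhpip.so.0.0.1
missing     /var/lib/gdm/greeter
"""
```

Run it over the real audit output instead of SAMPLE; only lines that end up as "content-changed", "missing" or "investigate" should need a justification written down for the audit.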